/// <summary>
/// Deletes one version of a package on behalf of the current caller.
/// </summary>
/// <param name="id">Package id taken from the request.</param>
/// <param name="version">Package version taken from the request.</param>
/// <param name="token">Cancellation token passed to the repository lookup and to the removal.</param>
/// <returns>
/// 403 when <c>_authenticationService</c> is null or the caller is rejected by it,
/// 404 when the package is not found or is not listed,
/// 204 once the package has been removed.
/// </returns>
public virtual async Task<HttpResponseMessage> DeletePackage(string id, string version, CancellationToken token)
{
    // Fail closed: with no authentication service there is nothing that could
    // approve the caller, so the delete is refused before any other work.
    if (_authenticationService == null)
    {
        return Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Package delete is not allowed");
    }

    var apiKey = GetApiKeyFromHeader();
    var requestedPackage = await RetrieveFromRepositoryAsync(id, version, token);

    // NOTE(review): the lookup runs before the access check, so a caller without
    // a valid key can tell "not found / unlisted" (404) apart from "exists but
    // denied" (403). Confirm that disclosing package existence is acceptable here.
    // Unlisted packages are answered with 404 as well, so they cannot be removed
    // through this action.
    var missingOrUnlisted = requestedPackage == null || !requestedPackage.Listed;
    if (missingOrUnlisted)
    {
        return CreateStringResponse(HttpStatusCode.NotFound, string.Format("'Package {0} {1}' Not found.", id, version));
    }

    // The access decision is made against the id stored in the repository,
    // not the raw id string from the request.
    var callerMayDelete = _authenticationService.IsAuthenticated(User, apiKey, requestedPackage.Id);
    if (!callerMayDelete)
    {
        // The message mixes the repository's id with the caller-supplied version string.
        return CreateStringResponse(HttpStatusCode.Forbidden, string.Format("Access denied for package '{0}', version '{1}'.", requestedPackage.Id, version));
    }

    await _serverRepository.RemovePackageAsync(requestedPackage.Id, requestedPackage.Version, token);
    return Request.CreateResponse(HttpStatusCode.NoContent);
}
/// <summary>
/// Runs <paramref name="action"/> only if the authentication service accepts the
/// caller for <paramref name="packageId"/>; otherwise calls <c>WriteForbidden</c>
/// and does not run the action.
/// </summary>
/// <param name="context">HTTP context whose <c>User</c> is checked.</param>
/// <param name="apiKey">API key presented by the caller.</param>
/// <param name="packageId">Package the caller wants to act on.</param>
/// <param name="action">Work to perform once access has been granted.</param>
private void Authenticate(HttpContextBase context, string apiKey, string packageId, Action action)
{
    // NOTE(review): unlike DeletePackage, there is no null check on
    // _authenticationService here; confirm it is always set on this code path.
    var accessGranted = _authenticationService.IsAuthenticated(context.User, apiKey, packageId);
    if (!accessGranted)
    {
        WriteForbidden(context, packageId);
        return;
    }

    action();
}
/// <summary>
/// Asks the authentication service whether the caller may act on
/// <paramref name="packageId"/>. On refusal it calls <c>WriteForbidden</c>
/// before returning.
/// </summary>
/// <param name="context">HTTP context whose <c>User</c> is checked.</param>
/// <param name="apiKey">API key presented by the caller.</param>
/// <param name="packageId">Package the caller wants to act on.</param>
/// <returns>
/// <c>true</c> when access is granted; <c>false</c> when it is refused. The caller
/// must stop processing on <c>false</c>, since this method only reports the decision.
/// </returns>
private bool Authenticate(HttpContextBase context, string apiKey, string packageId)
{
    // NOTE(review): no null check on _authenticationService here, unlike
    // DeletePackage; confirm it is always set on this code path.
    var accessGranted = _authenticationService.IsAuthenticated(context.User, apiKey, packageId);
    if (!accessGranted)
    {
        WriteForbidden(context, packageId);
    }

    return accessGranted;
}